API early May 2026 improvements (1.6.4)
Additional API features, improvements and fixes that shipped to production in early May 2026, on top of the earlier mid April 2026 release.
- Added stateless JWT-based shopper authentication, allowing chains to configure trusted JWT issuers via
jwt_jwks_url,jwt_issuer, and optionaljwt_audiencefields onalter-chainandget-chain. Shopper JWTs are validated using JWKS with automatic key-rotation support, andalter-userenforces an explicitcustomer_profile.writescope when called with JWT authentication. - Added a
fixed_valuecalculation method to composable campaign reward methods, alongside the existing basket-value and items-value methods. - Added a
contextfield to composable campaigns, with context-based filtering of available restrictions and reward methods. - Changed composable campaign budget and usage-limit configuration to be set at the reward-method level rather than the campaign level.
- Changed admin and user permission payloads so that the legacy empty
businessesblock is no longer included inauth/login,auth/session,auth/get-user-permissions, andget-userresponses for API version 1.6.4 and above. Older versions still returnbusinesses: nullfor compatibility. - Improved phone-number verification so that re-submitting the same phone number on
alter-useroradd-userpreserves theVERIFIEDstatus instead of resetting toVALIDATED, avoiding unnecessary OTP re-verification. - Improved phone-number validation so that invalid phone numbers submitted via legacy API versions (below 1.6.1) are now stored with
INVALIDstatus instead ofUNCHECKED, giving better data visibility. - Improved Stripe subscription handling to fix cancellation webhooks silently failing when a subscription's annual expiry had passed, and to prevent duplicate Stripe subscriptions being created by failed renewal retries.
- Fixed composable campaign segment-restriction evaluation returning an incorrect type when the segment response was empty, which could cause campaigns with segment restrictions to behave unexpectedly.